First, the basic configuration and system installation
-
New two virtual machines svr11, svr12 here. . .
1) virtual machine svr11 memory 2G, hard disk 80G, CentOS7.5 installed operating system (with a GUI interface)
2) the virtual machine svr12 memory 2G, hard disk 80G, CentOS7.5 installed operating system (with a GUI interface) -
Virtual machine svr11, svr12 configure static host name and network parameters
1) svr11 virtual machine host name svr11.dawai.com, IP address 192.168.10.11/24
[root @ bogon ~] # hostname svr11.dawai.com
[root svr11 ~ @] # nmcli the Modify Connection ens33 ipv4.method Manual ipv4.addresses 192.168.10.11/24 ipv4.dns 192.168.10.11 connection.autoconnect yes
2) the virtual machine svr12 host name svr12.dawai.com, IP address 192.168. 10.12 / 24
[bogon the root @ ~] # hostname svr12.dawai.com
[SVR12 the root @ ~] # nmcli ens33 ipv4.method Modify Connection Manual ipv4.addresses 192.168.10.12/24 ipv4.dns 192.168.10.11 connection.autoconnect Yes - The default security policy adjustment
1) for the virtual machine svr11, svr12 completely shut down firewalld firewall service
[root @ svr11 ~] # systemctl STOP firewalld
[root @ svr11 ~] # systemctl disable firewalld
Removed The symlink / etc / systemd / System / Multi-the User. target.wants / firewalld.service.
Removed The /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service the symlink.
[svr11 the root @ ~] #
[SVR12 the root @ ~] STOP # systemctl firewalld
[SVR12 the root @ ~] # systemctl disable firewalld
Removed The /etc/systemd/system/multi-user.target.wants/firewalld.service the symlink.
Removed The the symlink / etc / systemd / System / org.fedoraproject.FirewallD1.service-dbus.
[SVR12 the root @ ~] #
2) for the virtual machine svr11, svr12 completely closed SELinux protection services
[svr11 the root @ ~] # the setenforce 0
[svr11 the root @ ~] # Vim / etc / SELinux / config
the SELINUX = Disabled
[root@svr12 ~]# setenforce 0
[root@svr12 ~]# vim /etc/selinux/config
SELINUX=disabled
Two, yum software source configuration
- Building a Depot CentOS7.5 on the virtual machine svr11
1) Preparation repository directory / var / ftp / cos7dvd, and copy the contents of this CD CentOS7.5 directory
[root @ svr11 ~] # mkdir -p / var / ftp / cos7dvd
[svr11 the root @ ~] # Mount / dev / CDROM / var / FTP / cos7dvd
Mount: / dev / write protection SR0, will mount read-only
[root @ svr11 ~] # ls / var / ftp / cos7dvd
Images LiveOS the repodata the EULA the RPM CentOS_BuildTag-the GPG-KEY-the CentOS-Testing. 7-
the EFI the GPL the isolinux the Packages the RPM-the GPG-KEY. 7-the CentOS-TRANS.TBL
[svr11 the root @ ~] #
2) configuration of the present machine is located in file: // / var / ftp / cos7dvd software source
[svr11 the root @ ~] # LS /etc/yum.repos.d/ .repo
/etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d /etc/yum.repos.d/CentOS-Vault.repo /CentOS-fasttrack.repo
/etc/yum.repos.d/CentOS-CR.repo /etc/yum.repos.d/CentOS-Media.repo
/etc/yum.repos.d/CentOS-Sources.repo /etc/yum.repos.d/CentOS-Debuginfo.repo
[root @ svr11 ~] # mkdir -p /etc/yum.repos.d/oldrepo
[root svr11 ~ @] # Music Videos /etc/yum.repos.d/ .repo /etc/yum.repos.d/oldrepo
[svr11 the root @ ~] # LS /etc/yum.repos.d/
oldrepo
[the root ~ @ svr11 ] #
[@ svr11 the root ~] # Vim /etc/yum.repos.d/svr11.repo
[svr11]
name = svr11.repo
BaseURL = File: /// var / FTP / cos7dvd
enable. 1 =
gpgcheck = 0
~
. 3 ) to adjust the configuration file to disable /etc/yum.conf check for software signature
[root @ svr11 ~] # vim /etc/yum.conf
4) installed and enabled vsftpd service, and set vsftpd service to start automatically
- Provided by the source access software on a virtual machine svr11 SVR12
. 1) located in the machine configuration of the present ftp://192.168.10.11/cos7dvd software source
[root @ svr12 ~] # vim /etc/yum.repos.d/svr12. the repo
[SVR12]
name = svr12.repo
BaseURL = FTP: ///192.168.10.11/cos7dvd
enable. 1 =
gpgcheck = 0
2) adjust the configuration file to disable /etc/yum.conf check for software signature
[root @ SVR12 ~] # vim /etc/yum.conf
3) is installed and enabled wireshark-gnome package, the results confirm the installation
Third, configure and use DNS domain Name service
- Construction of dawai.com on the virtual machine svr11 authoritative DNS server
1) install bind, bind-chroot package
2) address database configuration file /var/named/dawai.com.zone.a, provides the following analytical record
[root @ svr11 ~] # /var/named/dawai.com.zone.a Vim
. 3) address database configuration file /var/named/dawai.com.zone.b, following resolution records
[root @ svr11 ~] # /var/named/dawai.com.zone.b Vim
. 4) arranged /etc/named.conf, defining area "dawai.com", using the address database file
[root @ svr11 ~] # vim /etc/named.conf
5) Enable named Service
- Configure the virtual machine svr11, svr12 used as the preferred DNS server 192.168.10.11
1) adjusting svr11, svr12 network connection settings, DNS will be used to 192.168.10.11
2) performing the following tests on the virtual machine svr11, confirmed the correct parse the results
#host www.dawai.com // returns the result 11.11.11.11
#host bbs.dawai.com // returns the result as 192.168.10.11
3) to perform the following tests on a virtual machine svr12, confirm the correct analytical results
#host www .dawai.com // returns the result 22.22.22.22
#host bbs.dawai.com // returns the result as 192.168.10.11
Fourth, configure and use web server - Add a virtual host svr11.dawai.com, when you access this site page can be displayed "It works !!"
modify DNS configuration file
[root @ svr11 ~] # mkdir / var / the WWW / web1
[root @ svr11 ~] # vim / var /www/web1/index.html
It Works -
Add a virtual host bbs.dawai.com, when they visit the site to see "Network security resurgence, Huawei resurgence" forum system
[root @ svr11 ~] # vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost : 80>
ServerName www.dawai.com
the DocumentRoot / var / WWW / web1
</ VirtualHost>
<VirtualHost : 80>
ServerName bbs.dawai.comDocumentRoot /var/www/web2
</VirtualHost>
~
[root@svr11 ~]# httpd -t
Syntax OK
[root@svr11 ~]#
[Root @ svr12 ~] # vim / var / www / Web2
[root@svr11 ~]# unzip Discuz_X3.4_SC_UTF8.zip -d tdir
[root@svr11 ~]# ls tdir/
readme upload utility
[root@svr11 ~]# cp -rf tdir/upload/ /var/www/web2
[root@svr11 ~]# cd /var/www/web2/
[root@svr11 web2]# chown -R apache config/ data/ uc_server/ uc_client/
[root@svr11 web2]# ls -ld config/ data/ uc_server/ uc_client/
drwxr-xr-x. 2 apache root 90 6月 1 00:49 config/
drwxr-xr-x. 12 apache root 202 6月 1 00:49 data/
drwxr-xr-x. 7 apache root 106 6月 1 00:49 uc_client/
drwxr-xr-x. 14 apache root 256 6月 1 00:49 uc_server/
Fifth, the backup documentation
- All profiles on the Web backup virtual machine svr11 / DNS server requirements are as follows:
1) Create a backup file for the /root/svr11-web-dns.tar.gz
2) all configuration files, including service httpd
3) includes named service profiles and addresses of all library files
4) include /etc/hosts,/etc/resolv.conf file
[root @ svr11 web2] # mkdir / root / svr11-Web-dns
[root @ svr11 web2] # cp / var /named/dawai.com.zone.a / the root / Web-DNS-svr11
[@ svr11 the root web2] CP # /var/named/dawai.com.zone.b / the root / Web-DNS-svr11
[the root @ svr11 web2] CP # /etc/named.conf / the root / Web-DNS-svr11
[@ svr11 the root web2] CP # /etc/httpd/conf.d/vhosts.conf / the root / Web-DNS-svr11
[the root @ svr11 web2] CP # /etc/resolv.conf / the root / Web-DNS-svr11
[@ svr11 the root web2] CP # / etc / the hosts / the root / Web-DNS-svr11
[@ svr11 the root web2] CP # / etc / yum .conf / root / svr11-web- dns
[root@svr11 web2]# cp /etc/yum.repos.d/svr11.repo /root/svr11-web-dns
[root@svr11 ~]# tar -zcPf svr11-web-dns.tar.gz /root/svr11-web-dns